Below we report:
Pursuant to EU Regulation no. 679/2016 (the General Data Protection Regulation, “GDPR”), this page describes the methods of processing the personal data of users who consult the site www.hotelverdemare.it (hereinafter “Website”)
Furthermore, if the user decides to make a reservation and/or a purchase, by filling in the appropriate booking forms on the aforementioned Website, he or she will be connected to a booking engine. This booking engine is provided by our Partner Blastness, appointed as Data Controller, as indicated in this information.
This information does not concern other sites, pages or online services accessible via hypertext links possibly published on the Website but referring to resources external to the Hotel Verdemare domain.
THE DATA CONTROLLER
The data controller of the personal data of the user of the Website is Bianchi Rosa Elisa, an individual company that manages the Hotel Verdemare hereinafter also referred to as "Hotel Verdemare") VAT number 00364720466 and C.F. BNCRLS41A68D969O, with registered office in Marina di Pietrasanta, in via Cipro, n. 35, telephone number: 0584-745871 e-mail: info@hotelverdemare.it.
WARNINGS AND PROTECTION OF CHILDREN
Unless expressly indicated, the provision of personal data through the collection points on the Site is reserved for adults.
TYPES OF DATA PROCESSED PURPOSE OF THE PROCESSING
Browsing data The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. This data is used for the sole purpose of obtaining statistical information on the use of the site, to check its correct functioning and for security reasons. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Cookies. For all information relating to cookies on these Websites, the user is invited to refer to our Cookie Policy at the following link: [https://www.hotelverdemare.it/cookies/]
Data communicated by the user. The optional, explicit and voluntary sending of e-mails to the addresses indicated on the Website, as well as the compilation and forwarding of the forms on the Websites or on the booking engine managed by BLASTNESS Srl, involve the acquisition of the sender's contact data, necessary to respond, as well as all the personal data included in the communications.
The Data Controller normally processes so-called data. common data (e.g. personal data, residence or domicile data, billing data, payment data, email contact data, telephone number, fax...). Only upon explicit request of the user may data belonging to particular categories (as per art. 9 GDPR), hereinafter also referred to as "Special Data", be processed, such as information revealing health conditions of the interested party (allergies or other health problems) or religious/philosophical beliefs (for example in the case of customer requests regarding religious affiliation).
The personal data provided in the manner described above will be processed for the following purposes:
1) To allow the user to navigate the Website. Legal basis of the processing: the need to allow the user to use the navigation service of the Website.
2) to execute pre-contractual measures (such as, for example, requests for information or requests for quotes). Legal basis of the processing: execution of pre-contractual measures carried out at the request of the interested party. In case of provision of Special Data, the legal basis of the processing is also constituted by the consent of the interested party.
3) for the management of your contractual relationship relating to the requested service, to acquire and confirm your booking of accommodation services and ancillary services, to carry out the pre-check-in service before the customer's arrival at the facility and to provide the requested services. Legal basis of the processing: execution of the requested contractual service. In case of provision of Special Data, the legal basis of the processing is also constituted by the consent of the interested party.
4) to fulfill the obligation set out in the "Consolidated law on public security laws" (article 109 R.D. 18.6.1931 n. 773) which requires us to communicate to the Police Headquarters, for public security purposes, the details of the customers housed in accordance with the methods established by the Ministry of the Interior (Decree of 7 January 2013). Legal basis of processing: execution of legal obligations.
5) for administrative purposes and for the fulfillment of legal obligations such as those of an accounting or tax nature, or to process requests from judicial authorities. Legal basis of processing: fulfillment of legal obligations;
6) in the presence of specific consent, for the periodic sending of newsletters via e-mail. Legal basis of the processing: consent of the interested party;
7) in the presence of specific consent, to receive promotional communications and invitations to events, special promotions (marketing). Legal basis of the processing: consent of the interested party;
8) in the case of sending a CV, exclusively for selection purposes. Legal basis of the processing: consent of the interested party to process the CV data for selection purposes;
9) to allow the Company to carry out surveys aimed at improving the quality of the service provided ("Customer Satisfaction"). Legal basis of the processing: legitimate interest of the Data Controller to verify the quality of the contractual service provided to the Customer.
10) to send direct marketing communications relating to services offered by the Data Controller which have already been used by the interested party, and/or for which the interested party has shown interest/made requests for a quote previously. Legal basis of processing: legitimate interest of the Data Controller to carry out direct marketing communications.
11) Specific summary information will be progressively reported or displayed on the pages of the Website possibly prepared for the provision of certain services.
NATURE OF THE PROVISION OF DATA
The provision of navigation data is necessary to guarantee navigation on the website. In case of lack of consent, the user will not have to use our website.
The provision of the data requested for the execution of pre-contractual measures, the conclusion of the contract, the fulfillment of legal obligations, is not mandatory, however it is necessary for the conclusion of the contract and/or to carry out the pre-contractual measures, and to satisfy the legal obligations to which the data controller is subject. Failure to provide them may make it impossible to obtain what is requested.
Providing data for sending CVs is optional, however if you fail to provide your contact details we may not be able to provide feedback regarding your application.
The provision of data for marketing purposes, to subscribe to the newsletter service is optional; failure to consent to the provision will have the sole consequence that you will not be able to receive our marketing communications and/or our newsletters.
The provision of personal data for the purpose of carrying out Customer Satisfaction surveys is not mandatory and is not a necessary requirement for the conclusion of the hotel and/or restaurant contract; we highlight to you that, pursuant to art. 21, 1 par. of EU Regulation 679/2016, the interested party has the right to object at any time to the processing carried out for legitimate interest. Opposition to processing will have no consequence other than that the interested party will not receive our Customer Satisfaction surveys.
The provision of personal data for the purpose of carrying out direct marketing (being contacted by the facility in relation to the services for which the customer has shown interest) is not mandatory and is not a necessary requirement for the conclusion of the hotel and/or catering contract; pursuant to art. 21, 2 and 3 par. of EU Regulation 679/2016, the interested party has the right to object at any time to the processing carried out for direct marketing. Opposition to processing will have no consequence other than not receiving direct marketing communications.
The provision of images taken by video surveillance is necessary for the conclusion of the catering and hotel contract, since in case of lack of consent from the interested party it is not possible to access the structure.
The interested party may not authorize the use of Cookies and deactivate them at any time, in the manner detailed in the cookie policy. Please note, however, that in this case, malfunctions of the Site or some of its functions may occur.
In case of consent given to obtain the sending of marketing material, newsletters, for the processing of CVs for personnel selection purposes by Hotel Verdemare, such consent can be revoked at any time, as specified in point 10.
DATA RETENTION PERIOD.
Web browsing data is stored for the time strictly necessary to process site statistics and to guarantee the functioning and security of the website.
Any Special Data provided by the interested party will be kept exclusively for the time strictly necessary to carry out the requested service, unless you give us consent to keep them for a longer period.
The data provided for pre-contractual purposes will be processed for the time strictly necessary to provide feedback to requests and communications forwarded voluntarily by the customer.
In the case of sending CVs only for the time strictly necessary to evaluate the application.
The data processed for contractual purposes and for the execution of legal obligations connected to the contract will be kept for the entire duration of the relationship and subsequently, once payment has been made, for 10 years (the time required for the ordinary limitation period).
The data processed for the purpose of carrying out the legal obligations connected to the contract will be kept for the time necessary to satisfy the legal obligations to which the data controller is subject.
The data acquired to fulfill the legal obligation indicated in letter d) are not retained by us after the termination of the contractual relationship.
The personal data provided to receive newsletters and promotional offers (marketing) will be kept for 10 years.
The data processed to carry out surveys regarding customer satisfaction are kept for the time necessary for the overall evaluation of the owner's investigation and the subsequent action to resolve any organizational deficiencies found.
The data processed for direct marketing purposes are kept for a maximum of 1 year from the termination of the contractual relationship.
The images recorded by the video surveillance cameras are deleted after 24 hours, except on holidays or other cases of business closure, and in any case no later than one week. They are not subject to communication to third parties, except in the case in which it is necessary to comply with a specific investigative request from the judicial authority or judicial police.
Cookies are stored for the period indicated in the policy cookies.
SECURITY METHODS AND PROCESSING OF INFORMATION
The processing of Personal Data will take place using manual, IT or telematic tools, suitable to guarantee its security and confidentiality and will be carried out by personnel duly trained in compliance with current legislation.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access, in compliance with the provisions of the articles. 24,25 and 32, GDPR.
In any case, the Data Controller cannot be responsible for unauthorized access or loss of personal information attributable to the interested party or in any case outside of its control.
No data acquired via the web will be communicated to third parties unless otherwise indicated on the page https://www.hotelverdemare.it/cookies/
SITE SECURITY MEASURES
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access, in compliance with the provisions of the articles. 24 and 25, GDPR.
In any case, the Data Controller cannot be responsible for unauthorized access or loss of personal information attributable to the interested party or in any case outside of its control.
PLACE OF TREATMENT
Personal data is stored on servers located within the European Union, unless otherwise indicated below and in the Cookie Policy
The Online Chat service on the Site is provided by Tawk.to inc with registered office in Las Vegas Nevada (company designated as data controller pursuant to art. 28 GDPR), therefore, the personal data provided by the interested party in the chat may also be transferred outside the European Union. This transfer is authorized as the company Tawk.to inc. and the Data Controller have signed the standard contractual clauses (referred to in Article 46 GDPR) as a means to ensure an adequate level of protection of data transferred outside the European Economic Area.
For further information and/or a copy of the data subject to this transfer, you can contact the data controller at the contacts indicated in this information.
The Data Controller ensures that where it is necessary to make use of external managers of personal data processing (art. 28 GDPR) with servers located in Third Countries, the assignment will take place in compliance with the applicable legal provisions, with a guarantee of an adequate level of protection and/or subject to adequate guarantees (for example on the basis of an adequacy decision of the Third Country by the European Commission, or through the stipulation of standard contractual clauses provided by the European Commission).
ACCESS TO DATA. RECIPIENTS OF THE TREATMENT.
Access to the Personal Data collected following consultation of the website and sending requests and/or reservations via the website is permitted only to those in charge of processing, expressly authorized by the Data Controller, and to data processors designated with a role having the characteristics referred to in art. 28 GDPR.
The Data Controller is aware of the importance of data security for our customers and has selected the data controllers very carefully.
The Data Controller has appointed as Data Processors pursuant to art. 28 GDPR:
The updated list of external managers is available at the registered office of the data controller. At any time you can request the updated list by contacting the data controller at the addresses and contacts indicated in this document.
No data deriving from the web service is disseminated. The data may not be communicated to third parties except to external parties who, in fulfilling the contract and limited to the purposes indicated above, collaborate with the Data Controller (professionals/Companies that provide legal, fiscal, accounting consultancy and assistance, competent authorities for the fulfillment of legal obligations, subjects that provide services for the management of IT systems and assistance to the website) all bound by the obligation of confidentiality. In any case, in compliance with the principles of data processing envisaged by the GDPR, only the data necessary for carrying out the activities entrusted to them will be transmitted to external parties.
The data collected will under no circumstances be disclosed.
We would like to inform you that in the case of accommodation at this facility, the Data Controller, pursuant to current Italian legislation, is obliged to transmit the data of the people staying at the facility to the authorities.
The personal data provided by users who request dispatch of informative material are used for the sole purpose of carrying out the service or provision requested and are communicated to third parties only if this is necessary for this purpose (for example, shippers or carriers are mentioned).
The information may also be communicated whenever communication may be necessary to comply with requests from the Judicial or Public Security Authorities.
RIGHTS OF INTERESTED PARTIES (art. 7, articles 15 to 22 GDPR).
Based on current legislation and the provisions of the GDPR, you have the right to:
Requests addressed to the Data Controller may be sent to the contact details of the Data Controller at the following address: Hotel Verdemare, in via cipro, n. 35, 55045 Marina di Pietrasanta, telephone number: 0584.745871, email: info@hotelverdemarei.it.
The Data Controller must do so without delay and, in any case, at the latest within one month of receiving the request. The deadline may be extended by two months, if necessary, taking into account the complexity and number of requests received by the Data Controller. In such cases, the Data Controller will inform you and inform you of the reasons for the extension within one month of receiving your request.
Complaints to the supervisory authority may be addressed to the Guarantor for the protection of personal data, Piazza Venezia, 11 – 00187 Rome, IT-00186 Rome, email: ufficio@pec.gpdp.it.
MODIFICATIONS
The Owner reserves the right to modify or amend, at any time, this privacy policy wherever published on the site, especially due to the entry into force of new sector regulations. All users will be able to check the latest version of the privacy policy at any time by connecting to the site as updated from time to time by the Owner.
Last update October 2023
******************
This document ("Information") intends to provide information regarding the processing of the information that you will provide to the Data Controller and processed by it for the purposes indicated in this document. The information is provided pursuant to EU Regulation no. 679/2016 (“GDPR”), articles. 13, and subsequent national adaptation regulations (together with the GDPR “Applicable Regulations”).
The Data Controller, i.e. the legal person that determines the purposes and means of processing personal data, is Bianchi Rosa Elisa, an individual company that manages the Hotel Verdemare hereinafter also referred to as "Hotel Verdemare") VAT number 00364720466 and C.F. BNCRLS41A68D969O, with registered office in Marina di Pietrasanta, in via Cipro, n. 35, telephone number: 0584-745871 e-mail: info@hotelverdemare.it.
Within the limits of the purposes and methods described in this Information, information may be processed that can be considered as: a) "Data of a common nature", which includes your personal details, those of the people staying with you, your bank details, your contact details, billing data (such as, for example, but not limited to, mobile phone number, address of residence or domicile, e-mail address.); b) “Special Data” as characterized, pursuant to applicable legislation, by a particular nature; by way of example, reference is made to those who are able to provide information on the state or conditions of the user's health, religious or philosophical beliefs (art. 9 of EU Regulation 679/2016).
For convenience of reference, within this Policy, the expression "Personal Data" must be understood as a reference both to all your Data of a common nature and Special Data, unless otherwise specified.
The Personal Data collected will be processed for the purposes and under the legal bases set out below:
3.1 to execute pre-contractual measures (such as, for example, the request for information or a quote), for the management of your contractual relationship relating to the hotel and/or restaurant service, to acquire and confirm your booking of accommodation services and ancillary services, and to provide the requested services. You may decide to provide the Data Controller with Special Data in order to report a need relating to your health, such as, for example, allergies, pathologies, and/or food or other intolerances, i.e. those data that reveal conditions relating to the protection of health.
Since these are treatments necessary for the definition of the contractual agreement, for its subsequent implementation, and/or to perform the services requested by you, you are free to provide your Personal Data, however in case of failure to provide them we will not be able to confirm the booking and/or provide you with the requested services.
Legal basis of the processing: execution of pre-contractual measures at the request of the interested party; execution of a contractual relationship of which the interested party is a party. Consent of the interested party in case of provision of Particular Data.
Retention period: for this purpose, your data will be kept for the entire duration of the relationship and subsequently for 10 years (the time required for ordinary prescription). Any Special Data provided by you will be kept exclusively for the time strictly necessary to carry out the requested service, unless you give us consent to keep them for a longer period;
3.2 to fulfill the obligation set out in the "Consolidated law on public security laws" (article 109 of the Royal Decree of 18 June 1931, no. 773) which requires us to communicate to the Police Headquarters, for public security purposes, the details of customers housed in accordance with the methods established by the Ministry of the Interior (Decree of 7 January 2013).
The provision of data is mandatory as it derives from a legal obligation. In case of refusal to provide it, we will not be able to accommodate it in our facility.
Legal basis of the processing: execution of legal obligations.
Retention period: for this purpose, the data acquired are not stored by us after the termination of the relationship referred to in point 3.1, unless you provide us with consent to storage as provided for in point 3.5;
3.3 to fulfill current administrative, accounting and tax obligations.
The provision of data for this purpose is necessary for the conclusion of the contract. In case of refusal to provide the data necessary for the obligations indicated above, we will not be able to provide the requested services.
Legal basis of the processing: execution of a contractual relationship, execution of legal obligations.
Retention period: for these purposes, your data will be stored for the time required by the respective regulations;
3.4) to provide services aimed at customer satisfaction, carried out at your request, regarding your need and/or preference, such as, for example, a preferred room or floor for accommodation, presence of objects and/or other. For this purpose you may decide to also provide the Data Controller with Special Data. These categories of data may be processed by the Data Controller only with your free and explicit consent.
Legal basis of the processing: your consent.
Retention period: for this purpose, the data acquired are not stored by us after the termination of the relationship referred to in point 3.1, unless you give us your consent to storage.
3.5) to speed up the hotel registration procedures in the event of your subsequent stays at our hotel. For these purposes, upon acquisition of your consent which can be revoked at any time, your data, provided for the categories of data and purposes referred to in points 3.1, 3.2 and 3.3, will be used when you become our guest again.
Legal basis of the processing: your consent.
Retention period: for this purpose your data will be stored for a maximum period of 10 years
3.6) to guarantee the application of the services referred to in purpose 3.4 (aimed at achieving customer satisfaction) in the event of your subsequent stays at our hotel facility. For these purposes, upon acquisition of your consent which can be revoked at any time, your data will be used when you become our guest again.
Legal basis of the processing: your consent.
Retention period: for this purpose your data will be stored for a maximum period of 10 years,
3.7) for the purposes of protecting people, property and company assets through a video surveillance system of some areas of the structure, identifiable by the presence of specific signs. Your consent is not required for this processing, as it pursues our legitimate interest in protecting people and property from possible attacks, thefts, robberies, damages, acts of vandalism and for fire prevention and workplace safety purposes.
The provision of data for this purpose is necessary for the conclusion of the contract since in the event of your lack of consent you will not be able to access the hotel facility.
Legal basis of the processing: legitimate interest of the Data Controller in protecting people and property from possible attacks, thefts, robberies, damages, acts of vandalism and for fire prevention and workplace safety purposes.
Retention period: for this purpose the recorded images are deleted after 24 hours, except holidays or other cases of business closure, and in any case no later than one week. They are not subject to communication to third parties, except in the case in which it is necessary to comply with a specific investigative request from the judicial authority or judicial police.
3.8) to carry out the function of receiving messages and telephone calls addressed to you during your stay. For this purpose, your consent is required. You can revoke your consent at any time.
Legal basis of the processing: your consent.
Retention period: for this purpose your data will be stored until your departure from the hotel.
3.9) for marketing purposes and therefore to send you promotional communications and newsletters, to send you updates on the rates and offers practiced by the Data Controller, communications relating to events organized by the Data Controller. Your data may be processed by the Data Controller for this purpose only with your free and explicit consent, which can be revoked at any time.
Legal basis of the processing: your consent.
Retention period: for this purpose your data will be stored for a maximum period of 10 years.
3.10. To carry out direct marketing activities, aim to offer you services similar to those already purchased or for which you have already shown interest/or made requests for information or quotes previously. In this regard, you always have the right to object to processing at any time. This opposition will not prevent you from using the service referred to in the purposes referred to in point 3.1) and any further ones possibly chosen by you.
Legal basis of the processing: legitimate interest of the Owner to carry out direct marketing contacts in case of interest already expressed by the customer or potential customer for the services offered by the Owner
Retention period: for this purpose your data will be stored for a maximum period of 1 year.
3.11. To allow the Company to carry out surveys aimed at improving the quality of the service provided ("Customer Satisfaction").
Legal basis of the processing: legitimate interest of the Owner to verify the quality of the contractual service provided to the Customer.
Retention period: for this purpose, your data will be kept for the maximum period necessary for the overall evaluation of the owner's investigation.
Provision of personal data.
The provision of data for the purposes specified in this information is mandatory and/or necessary exclusively in the cases expressly indicated as such in point 3, as it concerns essential data for the conclusion of the contract and/or to carry out pre-contractual measures or to comply with legal obligations. In case of lack of consent to the provision of such data, even partially, the contract cannot be concluded and/or executed.
Unless expressly specified, the provision of data is optional and failure to consent will have the sole consequence of not being able to use the purpose described (for example, your data will not be stored in the event of future stays, you will not receive promotional communications,...).
The processing of Personal Data will take place using manual, IT or telematic tools, suitable to guarantee its security and confidentiality and will be carried out by personnel duly trained in compliance with the Applicable Regulations.
Your data may be made accessible for the purposes indicated in this document:
– to employees and collaborators of the Data Controller in their capacity as persons in charge in compliance with the requirements of the GDPR, external data processing managers, system administrators/IT experts;
– to third-party companies or other subjects who collaborate with the Data Controller in the fulfillment of the contract and/or limited to the purposes indicated above (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, shippers, etc.). The data controllers are expressly appointed by the owner on the basis of a written agreement pursuant to art. 28 of the European Regulation.
The updated list of external managers is available at the registered office of the data controller. At any time you can request the updated list by contacting the data controller at the addresses and contacts indicated in this document.
The information may also be communicated whenever communication may be necessary to comply with requests from the Judicial or Public Security Authorities. The data collected will under no circumstances be disclosed. In this regard, we would like to point out that in the case of an overnight stay at this facility, the Data Controller, pursuant to current Italian legislation, is obliged to transmit the data of the people staying at the facility for the night to the aforementioned authorities.
Personal data is stored on servers located in Italy, and in any case within the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.
We also wish to inform you that under the GDPR you have the right to:
We also inform you that the aforementioned rights may be exercised by means of a written request addressed without formalities to the Data Controller at the contacts indicated in points 1.
The Data Controller must do so without delay and, in any case, at the latest within one month of receiving the request. The deadline may be extended by two months, if necessary, taking into account the complexity and number of requests received by the Data Controller. In such cases, the Data Controller will inform you and inform you of the reasons for the extension within one month of receiving your request.
Last update October 2023